Add a way to use the admin api without a user.

This commit is contained in:
lain 2018-12-18 21:08:52 +01:00
parent 443d59baa0
commit f3eb414e28
4 changed files with 78 additions and 1 deletions

View File

@ -175,3 +175,16 @@ the source code is here: https://github.com/koto-bank/kocaptcha. The default end
`https://captcha.kotobank.ch` is hosted by the developer. `https://captcha.kotobank.ch` is hosted by the developer.
* `endpoint`: the kocaptcha endpoint to use * `endpoint`: the kocaptcha endpoint to use
## :admin_token
Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the 'admin_token' parameter. Example:
```
config :pleroma, :admin_token, "somerandomtoken"
```
You can then do
```
curl "http://localhost:4000/api/pleroma/admin/invite_token?admin_token=somerandomtoken"
```

View File

@ -0,0 +1,25 @@
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
import Plug.Conn
alias Pleroma.User
def init(options) do
options
end
def secret_token do
Pleroma.Config.get(:admin_token)
end
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
if secret_token() && admin_token == secret_token() do
conn
|> assign(:user, %User{info: %{is_admin: true}})
else
conn
end
end
def call(conn, _), do: conn
end

View File

@ -38,6 +38,7 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.LegacyAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.UserEnabledPlug)
plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug)
plug(Pleroma.Plugs.EnsureAuthenticatedPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug)

View File

@ -0,0 +1,38 @@
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
use Pleroma.Web.ConnCase, async: true
import Pleroma.Factory
alias Pleroma.Plugs.AdminSecretAuthenticationPlug
test "does nothing if a user is assigned", %{conn: conn} do
user = insert(:user)
conn =
conn
|> assign(:user, user)
ret_conn =
conn
|> AdminSecretAuthenticationPlug.call(%{})
assert conn == ret_conn
end
test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
conn: conn
} do
Pleroma.Config.put(:admin_token, "password123")
conn =
%{conn | params: %{"admin_token" => "wrong_password"}}
|> AdminSecretAuthenticationPlug.call(%{})
refute conn.assigns[:user]
conn =
%{conn | params: %{"admin_token" => "password123"}}
|> AdminSecretAuthenticationPlug.call(%{})
assert conn.assigns[:user].info.is_admin
end
end